C:\Users\Jeremy\Desktop\XYZ Unlimited File Binder\Stub\obj\Debug\XYZ.pdb
Behavioral task
behavioral1
Sample
09fd23d7959bd4e21ec8a31d9c49d4d0_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
09fd23d7959bd4e21ec8a31d9c49d4d0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
09fd23d7959bd4e21ec8a31d9c49d4d0_JaffaCakes118
-
Size
1.6MB
-
MD5
09fd23d7959bd4e21ec8a31d9c49d4d0
-
SHA1
f715de9fe712dd73d905eb8b52f724a5437db466
-
SHA256
a3d1bb426b51508205568501d66f8598599425151227541445061f2f281d418c
-
SHA512
111659c6867c166c16ab89718b55e401aa4aa6dc25d07e2f71c43a8ec50411bfc8da53ec460e046844cd3a088d3dc3430706032313051bfcf3bb0cc155a0c858
-
SSDEEP
24576:3o+21WmS0z9e0HrhkUDzATx62T6CTueeZbFZAGXqnOly2L/hA4mFwQkTf4LnrIqg:3GXJkUD8TxZTLTQFanMhA44kTgLnrRg
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 09fd23d7959bd4e21ec8a31d9c49d4d0_JaffaCakes118
Files
-
09fd23d7959bd4e21ec8a31d9c49d4d0_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 125B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ